[nsp] 7600 and ACLs
Ash Garg
ash@telstra.net
Wed, 6 Nov 2002 13:44:34 +1100
yeah... that's what currently allows all the packets to be processed
properly. Somewhere their hardware implementation seems to be broken :-(
Removing the log gives very weird results...
Ash
\\\|||///
\\ ^ ^ //
( 6 6 )
-----------------------------------------oOOo-(_)-oOOo---
Ash Garg 5/490 Northbourne Ave
Network Specialist DICKSON 2602
Internet Network Development
Telstra
Email: Ash.Garg@telstra.net
BH: +612 6208 1994
Mob: 0408 687 642
Fax: +612 6248 6165
The best way to publicize a governmental or political
action is to attempt to hide it. -Mark B. Cohen
----------------------------------------------------------
-----Original Message-----
From: Vicky O. Mair [mailto:vickyr@socal.rr.com]
Sent: Wednesday, 6 November 2002 1:31 PM
To: ash@telstra.net; cisco-nsp@puck.nether.net
Subject: RE: [nsp] 7600 and ACLs
hi,
hmm....not sure if 'established' keyword is needed in your case but
something to be aware of (which i'm sure you are) that the 'log' keyword
will drop the packets in process switching mode.
/vicky
-----Original Message-----
From: cisco-nsp-admin@puck.nether.net
[mailto:cisco-nsp-admin@puck.nether.net] On Behalf Of Ash Garg
Sent: Tuesday, November 05, 2002 2:22 PM
To: cisco-nsp@puck.nether.net
Subject: [nsp] 7600 and ACLs
Has anyone had problems with ACLs applied to VLAN interfaces on a 7600
running Native IOS? We have tried two different IOSs: 12.1(8b)e9 &
12.1(11b)e7 with little difference.
The problem we notice is that TCP SYN packets aren't passed thru without the
use of the "log" keyword. When you put in the log keyword, the packets pass
thru the interface without a problem...
Ash